Siemens WinCC Multiple Vulnerabilities

Overview Independent researchers Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov from Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC application. In evaluating these reported...

Scadatec Limited Procyon Telnet Buffer Overflow

Overview ICS-CERT originally released Advisory ICSA-11-216-01P on the US-CERT Portal on August 04, 2011. This web page release was delayed to allow users sufficient time to download and install the update. ICS-CERT has received a report from Knud Højgaard of the nSense Vulnerability Coordination...

Philips Vue PACS (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Philips Equipment : Vue PACS Vulnerabilities : Out-of-bounds Write, Deserialization of Untrusted Data, Uncontrolled Resource Consumption, Improper Privilege Management, Use of Default...

Siemens SINEMA Remote Connect Server

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

HID Global Encoders

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable locally Vendor : HID Global Equipment : iCLASS SE, OMNIKEY Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration...

Siemens Solid Edge SE2023

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Schneider Electric IGSS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of...

Delta Electronics DX-2100-L1-CN

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Public exploits available/exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DX-2100-L1-CN Vulnerabilities: OS Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Rockwell Automation products using GoAhead Web Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Products using GoAhead Web Server Vulnerabilities: Infinite Loop, Use after Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could have a high...

Siemens APOGEE and TALON

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE and TALON Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privilege authenticated attacker to gain...

Nokia ASIK AirScale System Module

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Nokia Equipment: ASIK AirScale 5G Common System Module Vulnerabilities: Improper Access Control for Volatile Memory Containing Boot Code, Assumed-Immutable Data is Stored in Writable Memory 2. RISK EVALUATION Successful...

Rockwell Automation FactoryTalk VantagePoint

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk VantagePoint software Vulnerabilities: Improper Access Control, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Host Engineering Communications Module

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Host Engineering Equipment: H0-ECOM100 Communications Module Vulnerability: Stack-based Buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...

Siemens Mendix SAML Module

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Authentication Bypass by Capture-replay 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA- ICSA-22-258-04 Siemens Mendix SAML...

Contec Health CMS8000 Patient Monitor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Contec Health Equipment: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code 2. RISK EVALUATION...

Digi ConnectPort X2D

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: ConnectPort X2D Gateway Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

Hitachi Energy LinkOne WebView

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK...

Siemens SINUMERIK

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker, with network...

Cassia Networks Access Controller

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Cassia Networks Equipment: Access Controller Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read any file from the Access Controller server. 3...

All Bachmann M1 System Processor Modules

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bachmann Electronic, GmbH Equipment: All M-Base Controllers Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This updated advisory is a follow-up to...

Philips Interventional Workstations

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this...

Fuji Electric V-Server Lite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Lite Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution on the device. 3. TECHNICAL DETAILS 3.1...

Siemens Desigo Insight

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo Insight Vulnerabilities: SQL Injection, Improper Restriction of Rendered UI Layers or Frames, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1...

Honeywell INNCOM INNControl 3

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Honeywell Equipment: INNCOM INNControl 3 Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate user privileges within the...

Siemens SIPROTEC 4 and SIPROTEC Compact

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerability: Improper Input Validation 2. RISK EVALUATION This vulnerability could allow an attacker to conduct a denial-of-service attack over the network. 3. TECHNICAL...

Advantech WebAccess HMI Designer

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low skill level to exploit Vendor : Advantech Equipment : Advantech WebAccess HMI Designer Vulnerability : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to remotely execute arbitrary code...

Schneider Electric Modicon Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could result...

Yokogawa STARDOM Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials,...

ICSA-18-107-03_Rockwell Automation Stratix Services Router

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix 5900 Services Router Vulnerabilities : Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,...

Advantech WebAccess

CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: Stack-based Buffer Overflow, Untrusted Pointer Dereference AFFECTED PRODUCTS The following versions of WebAccess, an HMI platform, are affected: WebAccess versions prior...

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

CVSS v3 7.3 ATTENTION: Low skill level to exploit. Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of LAquis SCADA, an industrial automation software, are affected: LAquis...

Siemens SICAM PAS Vulnerabilities

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...

Unitronics VisiLogic OPLC IDE Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-274-02 Unitronics VisiLogic OPLC IDE Vulnerabilities that was published November 12, 2015, on the NCCIC/ICS-CERT web site. HP’s Zero Day Initiative ZDI reported to ICS-CERT that Steven Seeley of Source Incite,...

Fox DataDiode Proxy Server CSRF Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 26, 2014, and is being released to the ICS-CERT web site. Tudor Enache of HelpAG identified a Cross-Site Request Forgery CSRF in the proxy server web administration interface for the Fox DataDiode...

Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. Independent researcher Aditya Sood has identified a weak hashing algorithm...

Siemens SiPass Server Buffer Overflow

OVERVIEW This advisory provides mitigation details provided by Siemens for a vulnerability that impacts the Siemens SiPass server. Siemens has reported a buffer overflow vulnerability in the Siemens SiPass server. Lucas Apa of IOActive discovered this vulnerability and reported it directly to...

Tridium Niagara Vulnerabilities

OVERVIEW --------- Begin Update A Part 1 of 2 -------- This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium...

7-Technologies Data Server Denial of Service

Overview ICS-CERT originally released advisory “ICSA-11-335-01P - 7-Technologies Data Server Denial of Service” in the US-CERT secure portal on December 01, 2011. This web page release was delayed to allow users time to download and install the update. Security researcher UCQ from the Cyber Defen...

AzeoTech DAQFactory Stack Overflow

Overview This advisory is a follow-up to the alert titled “ICS-ALERT-11-256-02—AzeoTech DAQFactory Stack Overflow” that was published September 13, 2011, on the ICS-CERT web page. ICS-CERT is aware of a public report of one stack overflow vulnerability with proof-of-concept POC exploit code...

AzeoTech DAQFactory Networking Vulnerabilities

Overview ICS-CERT Advisory ICSA-11-122-01 was originally released to the US-CERT Portal on May 24, 2011. This web site release was delayed to allow users sufficient time to download and install the upgrade. ICS-CERT received a report from the nSense Vulnerability Coordination Team concerning...

Siemens RUGGEDCOM CROSSBOW

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Delta Electronics DIAEnergie

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DIAEnergie Vulnerabilities : SQL Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated...

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Actions to take today to mitigate malicious activity: 1. Implement multifactor authentication. 2. Use strong, unique passwords. 3. Check PLCs for default passwords...

Siemens SIMATIC S7-1500 TM MFP Linux Kernel

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

B&R Systems Diagnostics Manager

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: B&R Industrial Automation Equipment: Systems Diagnostics Manager SDM Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability...

Siemens SCALANCE W1750D Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Fuji Electric Tellus Lite V-Simulator

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute...

Siemens APOGEE/TALON Field Panels

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC/TALON TC Vulnerabilities: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack...